Google Safe Browsing (High Level)

What is it? How does Firefox use it? How can you use it as a web developer?

luke crouch

January 15, 2018

Transcript

  1. • What is SafeBrowsing?
    • How we (Firefox) use SafeBrowsing
    • How you can use SafeBrowsing

  2. What is Safe Browsing?
    safebrowsing.google.com

  3. It’s a free service operated by Google
    • It hosts lists of urls
      • malware
      • other unwanted software
      • phishing / social engineering
    • It’s used by Android, Gmail, Ads, Search, Chrome, Firefox, Safari, Opera

  4. visiting malware url
    in Firefox

  5. visiting unwanted software url
    in Firefox

  6. visiting phishing url
    in Firefox

  7. How are urls
    added to the lists?

  8. phishing url

  9. submit to Safe Browsing
    https://safebrowsing.google.com/safebrowsing/report_badware/?hl=en

  10. submit from Firefox
    Help → Report Deceptive Site

  11. submit from Firefox

  12. How many sites
    are in the lists?

  13. https://transparencyreport.google.com/safe-browsing/overview

  14. https://transparencyreport.google.com/safe-browsing/overview

  15. https://transparencyreport.google.com/safe-browsing/overview

  16. https://transparencyreport.google.com/safe-browsing/overview

  17. How often do people
    encounter these sites?

  18. https://transparencyreport.google.com/safe-browsing/overview

  19. How does Firefox
    use Safe Browsing?

  20. https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/

  21. Firefox extension
    2005

  22. added to Firefox
    2006

  23. Checking “live” adds too much latency to page loads
    • Firefox gets new bad urls from Google every 30 minutes
    • Before displaying a page to a user, check local db

  24. The whole list is too big to download
    • each URL is canonicalized
    • then hashed
    • only the first 32 bits are kept

  25. False positives
    • Many urls could have the same 32-bit hash prefix
    • Get all the full hashes with the 32-bit prefix from the server
    • If page doesn’t match a full hash, it’s not on the list

  26. Download protection
    • Download the file
    • Check the main url, referrer and redirect chain against local blocklist; block if match
    • (Windows) if signed, check signature against allow-list of good publishers
    • If file is not binary, allow
    • If binary, send metadata to application reputation server

  27. What metadata?
    • filename
    • filesize
    • sha256 hash
    • locale

  28. Privacy
    • Browsers don't send all visited urls to Google
    • Safe Browsing data is never used anywhere else at Google
    • Firefox removes query string params from download check
    • Firefox stores Safe Browsing cookies in separate storage
    • Firefox adds a number of extra “noise” 32-bit hashes when requesting complete hashes

  29. How can you use it?

  30. developers.google.com/safe-browsing

  31. Need to get
    your site off the list?
    https://support.google.com/webmasters/answer/3258249?hl=en&ref_topic=4596795

  32. https://developers.google.com/safe-browsing/v4/lookup-api

  33. https://developers.google.com/safe-browsing/v4/update-api

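The local prefix check from slides 23 to 25, together with the noise prefixes from slide 28, as an added example that is not taken from the deck or from Firefox's code. It uses SHA-256 (the hash Safe Browsing v4 specifies); the canonicalization is a simplification (host plus path only), and the blocklist URLs, `server_lookup` and `check_url` are constructed for illustration.

```python
import hashlib
import secrets
from urllib.parse import urlsplit

PREFIX_LEN = 4  # 32 bits, as on slide 24

def canonicalize(url):
    """Simplified canonical form (assumption): lowercased host + path,
    with scheme, port, query and fragment dropped."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    return host + (parts.path or "/")

def full_hash(url):
    return hashlib.sha256(canonicalize(url).encode("utf-8")).digest()

# Constructed blocklist standing in for the list held by the server.
SERVER_FULL_HASHES = {full_hash(u) for u in (
    "http://malware.example/dropper.exe",
    "http://phish.example/login",
)}
# What the client stores after each periodic update: prefixes only.
LOCAL_PREFIXES = {h[:PREFIX_LEN] for h in SERVER_FULL_HASHES}

def server_lookup(prefixes):
    """Simulated full-hash endpoint: every full hash under the given prefixes."""
    wanted = set(prefixes)
    return {h for h in SERVER_FULL_HASHES if h[:PREFIX_LEN] in wanted}

def check_url(url, local_prefixes=LOCAL_PREFIXES, noise=4):
    """Return (verdict, prefixes_sent_to_server)."""
    h = full_hash(url)
    prefix = h[:PREFIX_LEN]
    if prefix not in local_prefixes:
        return "safe", []  # decided locally, nothing leaves the client
    # Hide the real prefix among random ones (slide 28), in random order.
    request = [prefix] + [secrets.token_bytes(PREFIX_LEN) for _ in range(noise)]
    secrets.SystemRandom().shuffle(request)
    # A prefix hit alone is not a verdict: only a full-hash match blocks.
    verdict = "blocked" if h in server_lookup(request) else "safe"
    return verdict, request

if __name__ == "__main__":
    benign = "https://benign.example/"
    # Constructed collision: pretend a listed URL shares benign's prefix.
    colliding = LOCAL_PREFIXES | {full_hash(benign)[:PREFIX_LEN]}
    print(check_url("HTTP://Malware.EXAMPLE/dropper.exe#top"))
    print(check_url(benign, colliding))
    print(check_url("https://example.org/"))
```

The server only ever sees 32-bit prefixes, and only for URLs whose prefix already matched locally; the full-hash comparison happens on the client.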